Experts warn of shortage of US cyber pros

New York, June 13, 2012

Leading cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks at a time when attacks are on the rise.

Symantec Corporation chief executive Enrique Salem told the Reuters Media and Technology Summit in New York that his company was working with the US military, other government agencies and universities to help develop new programmes to train security professionals.

"We don't have enough security professionals and that's a big issue. What I would tell you is it's going to be a bigger issue from a national security perspective than people realise," he said on Tuesday.

Jeff Moss, a prominent hacking expert who sits on the US Department of Homeland Security Advisory Council, said that it was difficult to persuade talented people with technical skills to enter the field because it can be a thankless task.

"If you really look at security, it's like trying to prove a negative. If you do security well, nobody comes and says 'good job.' You only get called when things go wrong."

The warnings come at a time when the security industry is under fire for failing to detect increasingly sophisticated pieces of malicious software designed for financial fraud and espionage and failing to prevent the theft of valuable data.

Moss, who goes by the hacker name "Dark Tangent," said that he sees no end to the labor shortage.

"None of the projections look positive," said Moss, who serves as chief security officer for ICANN, a group that helps run some of the Internet's infrastructure. "The numbers I've seen look like shortages in the 20,000s to 40,000s for years to come."

Reuters last month reported that the National Security Agency was setting up a new cyber-ops programme at select universities to expand US cyber expertise needed for secret intelligence operations against computer networks of adversaries. The cyber-ops curriculum is geared to providing the basic education for jobs in intelligence, military and law enforcement.

The comments echo those of other technology industry executives who complain US universities do not produce enough math and science graduates.

US defense contractor Northrop Grumman Corporation on Monday launched the first undergraduate honours programme in cybersecurity with the University of Maryland to help train more workers for the burgeoning field.

Salem pointed to British banks as one industry already struggling to find enough network security experts.

Moss, who founded the Defcon and Black Hat hacking conferences that are held in Las Vegas each summer, said that US government agencies are so desperate to fill positions that they are poaching security experts from private firms.

In some cases, security firms have retaliated by refusing to send their most talented cyber experts on government jobs for fear of losing them. Instead they send their "B Team" consultants, Moss said.

Some companies have even begun writing non-poaching clauses into their contracts with clients to guard against losing their top cybersecurity talent.

Government officials from normally secretive agencies, including the National Security Agency, FBI and US military, attend Defcon each year to recruit gifted hacking geeks who they might not otherwise be able to identify. - Reuters